[j-nsp] (Again) Rewriting IP precedence

Sorin CONSTANTINESCU consta at gmail.com
Tue Jan 10 09:55:54 EST 2006 

On 1/10/06, Lars Erik Gullerud <lerik at nolink.net> wrote:
> On Tue, 10 Jan 2006, Sorin CONSTANTINESCU wrote:
>
> [snip]
> > On the ingress interface (dot1q gigabit subinterface), i have a
> > firewall filter that changes the default forwarding-class
> > (best-effort) to assured-forwarding with plp low.
> >
> > Under [class-of-service], i've defined a rewrite rule for inet-precedence:
> >
> > === cut here ===
> > rewrite-rules {
> >    inet-precedence clear-inet-precedence {
> >        forwarding-class assured-forwarding {
> >            loss-priority low code-point 000;
> >        }
> >    }
> > }
> > === and here ===
> >
> > If i ping Host C from Host A, the precedence is correctly rewriten to
> > 000. If i ping Host B from Host A, the precedence is not cleared.
> >
> > The difference is that traffic from A to B is label-switched, and from
> > A to C is not.
> >
> > I've also configured a rewrite-rule to clear exp precedence , but the
> > precedence of the IPV4 packet inside is not cleared to 0x00.
>
> You are halfway there - you need to set up the rewrite-rule to clear exp
> precedence as you have done, but you need to apply it to the interfaces
> using the correct "protocol" statement so it will rewrite the payload and
> not just the label's EXP. Apply it under "class-of-service
> interfaces" using "protocol mpls-inet-both" or "mpls-inet-both-non-vpn"
> (the latter if you only want to rewrite internet traffic, not VPN/VRF
> traffic). Example shown below:
>
> class-of-service {
>      interfaces {
>          ge-0/0/0 {
>              unit 0 {
>                  rewrite-rules {
>                      exp clear-both-precedence protocol mpls-inet-both;
>                  }
>               }
>           }
>       }
> }
>
> Note - for M-series platforms you will only be able to write 000 codepoint
> to the payload, you need T-series or M320 if you want to write a
> non-zero codepoint on the payload, if I'm not mistaken.
>

Thanks, it worked.

> See JunOS docs for more info:
> http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-interfaces/html/cos-summary71.html#1103506
>
> HTH,
> /leg
>


--
Sorin CONSTANTINESCU
JNCIS-M, CCNP
consta at gmail.com

More information about the juniper-nsp mailing list